I've been trying to get hardware acceleration working on rootless containers of Plex and Jellyfin and I can't get it to work the proper way.
My current workaround is having my device /dev/dri/renderD128 with permissions set to 666, but I feel like that really isn't an ideal setup.
Some things I've done:
- Currently I'm running my containers with my user with ID 1000.
- My user is part of the render group, which is the group assigned to:
/dev/dri/renderD128
- I'm passing the device to the containers as such:
--device /dev/dri:/dev/dri
- In my plex container, for example, I'm passing the IDs to use as such:
-e PUID=1000 and -e PGID=1000
- I tried the option "--group-add keep-groups" and I see the groups in the container, but I believe they're assigned to the root user in the container, and from my understanding, I think the plex and jellyfin images I've tried create a user inside with the IDs I pass, in this case 1000, and so this new user doesn't get assigned my groups on the host. I'm using the LinuxServer.io images currently but I saw the official plex image creates a user named "plex". The LinuxServer.io images create a user named "abc".
- Out of curiosity, on the host I changed the group of /dev/dri/renderD128 to my user's group 1000, but that didn't work either.
- I tried with the --privileged option too, but that didn't seem to work either, at least running podman as my user.
- I haven't tried running podman as root for these containers, and I wonder how that compares security-wise vs having my /dev/dri/renderD128 with permissions set to 666.
For some context, I've been transitioning from Docker to Podman rootless over the past 5 days maybe. I've learned a couple of things but this one has been quite a headache.
Any tips or hints would be appreciated. Thanks!
I'm running rootful podman but intend to switch to rootless. I also recently got a video card and want to do GPU passthrough, but I haven't had a chance to install the card in my server yet.
Following this and hope to remember to provide some info once I give it a go.
Are you using systemd to manage your podman containers?
Yes, I did the systemd integration at the user level too, and I quite like it.